From owner-freebsd-ipfw@FreeBSD.ORG Mon Jan 8 11:08:31 2007 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.org Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A88DA16A506 for ; Mon, 8 Jan 2007 11:08:31 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 91A2913C4AE for ; Mon, 8 Jan 2007 11:08:31 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l08B8VdX016502 for ; Mon, 8 Jan 2007 11:08:31 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l08B8Tr5016498 for freebsd-ipfw@FreeBSD.org; Mon, 8 Jan 2007 11:08:29 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 8 Jan 2007 11:08:29 GMT Message-Id: <200701081108.l08B8Tr5016498@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Jan 2007 11:08:31 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal o bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC addr arg wit o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] add a facility to modify DF bit of the o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet 14 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetime feature o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses ports and port o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] Add setnexthop and defaultroute feature o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q 20 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Jan 9 09:27:07 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DC7BC16A407 for ; Tue, 9 Jan 2007 09:27:07 +0000 (UTC) (envelope-from budiyt@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.185]) by mx1.freebsd.org (Postfix) with ESMTP id 6417113C441 for ; Tue, 9 Jan 2007 09:27:07 +0000 (UTC) (envelope-from budiyt@gmail.com) Received: by nf-out-0910.google.com with SMTP id k27so66165nfc for ; Tue, 09 Jan 2007 01:27:06 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=X3xgXTI1qTLFvT7s1RBFRz3DpCGp6XFOGsXKr2e+JxvKub/8QrKGiWgtfTGtcoM66tID1bTypunRBImiqE+yyZ9HF9SOcjpZHV3d8Pd3xAjdn9IMfx23mwqdcWEgvv4au+3X7QMkqE/t4hTDDNBpyMwudr0ZMelhN0yd0fZmq7Q= Received: by 10.49.90.18 with SMTP id s18mr119996nfl.1168333334961; Tue, 09 Jan 2007 01:02:14 -0800 (PST) Received: by 10.49.28.4 with HTTP; Tue, 9 Jan 2007 01:02:14 -0800 (PST) Message-ID: <4d4dc3640701090102y7e3bb929h2d306ec6776b4498@mail.gmail.com> Date: Tue, 9 Jan 2007 16:02:14 +0700 From: budsz To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Need help to convert rule iptables to ipfw X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Jan 2007 09:27:07 -0000 Dear, I've some problem with nat and rdr onto the same network like sample: iptables -t nat -I PREROUTING -i eth1 -p tcp -d 202.xxx.yyy.123 --dport 6112 -j DNAT --to-destination 192.168.0.1:6112 iptables -t nat -I PREROUTING -i eth0 -p tcp -s 192.168.0.0/24 -d 202.xxx.yyy.123 --dport 6112 -j DNAT --to-destination 192.168.0.1:6112 iptables -t nat -I POSTROUTING -o eth0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j SNAT --to-source 202.xxx.yyy.123 That rules using iptables on Linux mechine. Now, I've already run ipfw2 with FreeBSD box. My questions is how to implement rule like that if use ipfw2. Does ipfw support feature PREROUTING/POSTROUTING like iptables on Linux system?. Thanks you. -- budsz